Add built-in function to get_aws_account_alias

[jones2026]

Accounts are often provisioned with several items named using the account alias and it would be helpful to have this helper be able to fetch this value for the terragrunt config.

Another use case is naming your var files something like my-account-name.tfvars which helps identify which account/environment this file should be used for and is more human friendly than an account number. If terragrunt could look this up you could have it dynamically load the correct var file based on the current account the user is logged into.

Below is an example of using this name as the mechanism to load the correct .tfvars file:

terraform {
  extra_arguments "account_vars" {
    commands  = get_terraform_commands_that_need_vars()
    # With the get_aws_account_alias() function, you can load the correct var file for this account
    arguments = ["-var-file=${get_aws_account_alias()}.tfvars"]
  }
}

I am hoping to work on a PR for this soon and would love any comments and/or suggestions!

[brikis98]

Thx for filing this issue and the PR.

Taking a step back, I'm a little worried that adding more and more AWS-specific helpers will end up bloating the Terragrunt API, making it harder to use, and making it harder to maintain. The generic functions related to Terragrunt/Terratest (e.g., get_terraform_commands_that_need_vars() and get_terragrunt_parent_dir()) make sense to add, but the cloud-specific ones, such as get_aws_account_id(), may have been a mistake. They are certainly useful, but there is an infinite list of possibly useful such functions, and if we wanted to support similar functionality for every cloud (AWS, GCP, Azure), the complexity of using and maintaining the API might get out of hand quickly.

I'm tempted to put a cap on it now, and not add any new cloud-specific functions. Perhaps in the future, we even deprecate the existing ones. I believe run_cmd provides a reasonable workaround for these use cases, especially once we add memoization, as we're discussing in #1554. E.g.,

locals {
  aws_account_id    = run_cmd("aws", "sts", "get-caller-identity", "--output", "text", "--query", "Account")
  aws_account_alias = run_cmd("aws", "iam", "list-account-aliases", "--output", "text", "--query", "AccountAliases")
}

That said, I'm open to other opinions. @yorinasub17 and @infraredgirl I'd value your input on this too!

[jones2026]

I actually really like the suggestion and completely agree it becomes dangerous to keep adding provider specific code.

Any ideas on a good docker image (for use in CI) that already has Terragrunt, Terraform, and AWS CLI setup? I was previously using alpine/terragrunt and before building my own image was wondering what others might be using?

[yorinasub17]

That said, I'm open to other opinions. @yorinasub17 and @infraredgirl I'd value your input on this too!

Agreed with your assessment here. You can even use jsondecode(run_cmd()) to avoid figuring out the query syntax that aws cli uses for extracting the values.

[brikis98]

Roger, thank you both! I'm going to close this PR then. Hopefully, @amnk can wrap up #1554 soon to give us memoization too.